lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8329156.T7Z3S40VBb@camazotz>
Date: Fri, 02 Feb 2024 20:08:31 -0600
From: Elizabeth Figura <zfigura@...eweavers.com>
To: Andi Kleen <ak@...ux.intel.com>
Cc: Arnd Bergmann <arnd@...db.de>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
 Jonathan Corbet <corbet@....net>, Shuah Khan <shuah@...nel.org>,
 linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
 wine-devel@...ehq.org,
 André Almeida <andrealmeid@...lia.com>,
 Wolfram Sang <wsa@...nel.org>, Arkadiusz Hiler <ahiler@...eweavers.com>,
 Peter Zijlstra <peterz@...radead.org>, Andy Lutomirski <luto@...nel.org>,
 linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org
Subject:
 Re: [RFC PATCH v2 19/29] selftests: ntsync: Add some tests for
 NTSYNC_IOC_WAIT_ANY.

On Wednesday, 31 January 2024 02:52:11 CST Andi Kleen wrote:
> Elizabeth Figura <zfigura@...eweavers.com> writes:
> 
> > +TEST(test_wait_any)
> > +{
> > +	struct ntsync_mutex_args mutex_args = {0};
> > +	struct ntsync_wait_args wait_args = {0};
> > +	struct ntsync_sem_args sem_args = {0};
> > +	__u32 owner, index, count;
> > +	struct timespec timeout;
> > +	int objs[2], fd, ret;
> > +
> > +	clock_gettime(CLOCK_MONOTONIC, &timeout);
> > +
> > +	fd = open("/dev/ntsync", O_CLOEXEC | O_RDONLY);
> > +	ASSERT_LE(0, fd);
> > +
> > +	sem_args.count = 2;
> > +	sem_args.max = 3;
> > +	sem_args.sem = 0xdeadbeef;
> > +	ret = ioctl(fd, NTSYNC_IOC_CREATE_SEM, &sem_args);
> > +	EXPECT_EQ(0, ret);
> > +	EXPECT_NE(0xdeadbeef, sem_args.sem);
> > +
> > +	mutex_args.owner = 0;
> > +	mutex_args.count = 0;
> > +	mutex_args.mutex = 0xdeadbeef;
> > +	ret = ioctl(fd, NTSYNC_IOC_CREATE_MUTEX, &mutex_args);
> > +	EXPECT_EQ(0, ret);
> > +	EXPECT_NE(0xdeadbeef, mutex_args.mutex);
> 
> It seems your tests are missing test cases for exceeding any limits,
> especially overflow/underflow cases. Since these are the most likely
> for any security problems it would be good to have extra coverage here.
> The fuzzers will hopefully hit it too.
> 
> Also some stress testing with multiple threads would be useful.

Thanks, I'll add these.



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ